mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-21 22:11:48 +01:00
Code Issues Projects Releases Packages Wiki Activity

Greenfield: Fix invoice refund permission (#5558)

Browse source
This commit is contained in:
Andrew Camilleri 2023-12-14 11:15:36 +01:00 committed by GitHub
parent 97fda9d362
commit e4aaff5e34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
BTCPayServer/Controllers/GreenField/GreenfieldInvoiceController.cs
View file

@ -41,6 +41,7 @@ namespace BTCPayServer.Controllers.Greenfield
private readonly RateFetcher _rateProvider;
private readonly InvoiceActivator _invoiceActivator;
private readonly ApplicationDbContextFactory _dbContextFactory;
private readonly IAuthorizationService _authorizationService;
public LanguageService LanguageService { get; }
@ -48,7 +49,9 @@ namespace BTCPayServer.Controllers.Greenfield
LinkGenerator linkGenerator, LanguageService languageService, BTCPayNetworkProvider btcPayNetworkProvider,
CurrencyNameTable currencyNameTable, RateFetcher rateProvider,
InvoiceActivator invoiceActivator,
PullPaymentHostedService pullPaymentService, ApplicationDbContextFactory dbContextFactory)
PullPaymentHostedService pullPaymentService,
ApplicationDbContextFactory dbContextFactory,
IAuthorizationService authorizationService)
{
_invoiceController = invoiceController;
_invoiceRepository = invoiceRepository;
@ -59,6 +62,7 @@ namespace BTCPayServer.Controllers.Greenfield
_invoiceActivator = invoiceActivator;
_pullPaymentService = pullPaymentService;
_dbContextFactory = dbContextFactory;
_authorizationService = authorizationService;
LanguageService = languageService;
}
@ -350,7 +354,7 @@ namespace BTCPayServer.Controllers.Greenfield
return this.CreateValidationError(ModelState);
}
[Authorize(Policy = Policies.CanModifyStoreSettings,
[Authorize(Policy = Policies.CanCreateNonApprovedPullPayments,
AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[HttpPost("~/api/v1/stores/{storeId}/invoices/{invoiceId}/refund")]
public async Task<IActionResult> RefundInvoice(
@ -512,6 +516,7 @@ namespace BTCPayServer.Controllers.Greenfield
createPullPayment.Amount = Math.Round(createPullPayment.Amount - reduceByAmount, appliedDivisibility);
}
createPullPayment.AutoApproveClaims = createPullPayment.AutoApproveClaims && (await _authorizationService.AuthorizeAsync(User, createPullPayment.StoreId ,Policies.CanCreatePullPayments)).Succeeded;
var ppId = await _pullPaymentService.CreatePullPayment(createPullPayment);
await using var ctx = _dbContextFactory.CreateContext();

7
BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
View file

@ -138,11 +138,8 @@ namespace BTCPayServer.Controllers
}
if (!ModelState.IsValid)
return View(model);
if (model.AutoApproveClaims)
{
model.AutoApproveClaims = (await
_authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
}
model.AutoApproveClaims = model.AutoApproveClaims && (await
_authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
await _pullPaymentService.CreatePullPayment(new HostedServices.CreatePullPayment()
{
Name = model.Name,

2
BTCPayServer/wwwroot/swagger/v1/swagger.template.invoices.json
View file

@ -770,7 +770,7 @@
"security": [
{
"API_Key": [
"btcpay.store.canmodifystoresettings"
"btcpay.store.cancreatepullpayments"
],
"Basic": []
}